Cryptelo Drive

Cryptelo Drive is a virtual drive where your most sensitive data can be stored. Protect documents, contracts, business know-how, or photographs: in short, anything that must be kept safe. Data in Cryptelo is immediately available to your colleagues, and the entire team can store files in one place, so there is no longer a need to keep different versions of one file. Easily upload and share files, directories, and sections of the directory structure. No one except authorized users (the creators included) is able to access the data. Each Cryptelo user has their own hidden private space that neither the owner nor the administrator can see. Even the very existence of communication between specific users is concealed. However, only the Cryptelo Drive owner can determine who has access to the system. The Cryptelo system is completely designed and developed by our company.

Cloud and Server

Cryptelo Drive can be used as a cloud service or as a specially designed server. Both options guarantee identical levels of data encryption. The Cryptelo server can be installed on your own hardware and placed in your home or office, giving you full control over where your data is physically located. Thanks to a precisely designed cryptographic solution, the data cannot be decrypted even by someone who gains physical access to the server, whether that is a hacker, an administrator, or the owner of the Cryptelo Drive.

Everyday Encryption

Data security can be ensured through a variety of sophisticated methods, but these place a heavy demand on the user's knowledge and discipline. Cryptelo Drive uses the most thoroughly tested existing encryption algorithms. Made for everyday business use, Cryptelo has been designed to be intuitive, comfortable to work with, and instantly accessible to regular employees and external contractors. External workers do not connect to the corporate LAN at all, so a compromised contractor device cannot compromise the entire network.
Connected from everywhere

There is no need to install special applications in order to work with Cryptelo Drive, so you can instantly access your data from any device: laptops, tablets, mobile phones. Cryptelo Drive is a web application, so all you need is a web browser (Chrome, Mozilla Firefox, Internet Explorer 11) for your data to always be available to you.

Cryptelo completely protects your data

Cryptelo Drive protects the data itself, not just the connection, while it travels between devices. Unlike users of other cloud services, a Cryptelo user does not have to trust a third party when transferring data to and from the server. There is no need to protect the connection channel or to depend on the physical protection of the Cryptelo server itself. Data is encrypted and decrypted only by the end users. The whole time it is being transmitted over the Internet or sitting in the cloud it remains encrypted, so where it is located and how it is transmitted makes no difference to its protection.

Protected by Cryptelo Drive:
- data transmitted to the server
- data sharing (both files and the directory structure)
- user security (anonymous users, hidden file and directory names)
- user privacy (no one except the user can see their own data)

Not protected by Cryptelo Drive:
- devices that work with the data in unencrypted form
- decrypted data on client devices after it has left Cryptelo

Comprehensive security of your data and communication is only ensured in combination with the other Cryptelo data protection products you are working with. For more information and recommendations, visit our website (/security).

Encryption

We guarantee safety, we don't promise it. Breaking our encryption algorithm is harder than finding one specific atom in the galaxy. How do we know? Cryptelo is based on proven algorithms that cannot be broken other than by guessing the encryption key. The probability of guessing the correct 256-bit key in a single attempt is 1 in 2^256 (1 in 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936). Each file encrypted with Cryptelo is given its own randomly generated key, so even if an attacker manages to recover the key for one file, this gives him no access to any other data.

Unique cryptographic design and precise implementation

Unique cryptographic design by Vlastimil Klíma, one of the world's foremost cryptologists; Klíma led successful attacks on the MD5 algorithm, the SSL protocol and OpenPGP. Precise implementation by experienced software developers, the developers of the world's best browser-based encryption. Building a quality system on top of a sound cryptographic design is an integral part of a reliable solution: most attacks on security systems are directed not at the cryptographic concept but at its implementation. We recognize that reliability and credibility are very important to our clients. Implementing a reliable filesystem is hard. Implementing a reliable filesystem with strong cryptographic properties is almost impossible.
To ensure that data in Cryptelo is really safe, neither lost nor compromised, we use several strategies:
- standard unit tests
- randomized tests and cross-tests between different implementations and platforms, to ensure that what you encrypt you can also decrypt anywhere
- simulation testing of random end-to-end scenarios
- performance tests and load tests
- penetration tests and code review by an independent third party

Top Secret Security Level

Through applied cryptography, Cryptelo solves the problem of ensuring that sensitive data in transit and at rest is accessible only to authorized personnel, under all circumstances. Cryptelo uses the algorithms, curves and key sizes that the NSA's Suite B specification lists for protecting TOP SECRET information (see the table below), the level used by armies and governments to protect their most critical data. Note that using the Suite B primitives and parameters is not the same as an NSA certification of the product; the security of a deployment still rests on the implementation and on how the client devices are protected.

Algorithm | Function | Specification | Parameters
Advanced Encryption Standard (AES) | Encryption | FIPS PUB 197 | 128-bit keys for SECRET, 256-bit keys for TOP SECRET
Elliptic Curve Diffie-Hellman (ECDH) | Key exchange | NIST SP 800-56A | Curve P-256 for SECRET, Curve P-384 for TOP SECRET
Elliptic Curve Digital Signature Algorithm (ECDSA) | Digital signature | FIPS PUB 186-4 | Curve P-256 for SECRET, Curve P-384 for TOP SECRET
Secure Hash Algorithm (SHA) | Hashing | FIPS PUB 180-4 | SHA-256 for SECRET, SHA-384 for TOP SECRET

Encryption method

Cryptelo is based on a combination of symmetric and asymmetric encryption. Its asymmetric encryption uses elliptic curves, which reach the same security level as RSA with much shorter keys (a 384-bit curve is rated comparable to a 7680-bit RSA key). Symmetric encryption, where one key is used both to encrypt and to decrypt the data: AES-256. Asymmetric encryption, where different keys are used to encrypt and to decrypt the data: elliptic curve P-384.

How Cryptelo Drive works

External keychain token: To store keys and authenticate users, Cryptelo Drive uses an external token, the Cryptelo ID application, either on a mobile phone or on a USB flash disk.

Logging into Cryptelo Drive: The Cryptelo ID application replaces a traditional password when logging into Cryptelo Drive, securely verifying that it is you who is working with your encrypted files. Data stored in the Cryptelo ID application is encrypted under a key derived from a strong user password (the master password) combined with a salt, a random string of characters. The salt makes precomputed password tables useless and forces an attacker to attack each keychain separately; how well the keychain resists brute force therefore still depends on the strength of the master password.

Key storage

The key storage on the mobile phone (the external token) is physically separated from the storage of the encrypted data in the Cryptelo Drive application. Encrypted files are shared by sending keys from the sender's keychain to the recipient's keychain; when a recipient is offline, the keys are relayed through the Cryptelo server. The keys are encrypted throughout the entire transmission.

Client-side key generation

When a file is encrypted, its key is always generated on the end user's device, never on the server: directly in the web browser, using a cryptographically secure random number generator. Even an attacker who gains physical access to the server therefore cannot obtain the keys under which the data is encrypted. The file is encrypted on the user's computer; the file keys are sent to the keychain in the Cryptelo ID application, and the encrypted files are sent to the server.

One-time password for each login

Every login to Cryptelo uses a unique one-time password. The Cryptelo Drive web application and the Cryptelo ID mobile application use the Diffie-Hellman algorithm to create an encrypted channel between them, and the password is transferred through this channel, so it cannot be stolen in transit. Even an attacker who intercepts the communication between the two applications cannot reconstruct the channel key from the captured data. And even if a one-time password were disclosed, it is no longer valid for any subsequent login attempt, so it cannot be exploited. The same encrypted channel is what secures user authentication, the login to Cryptelo Drive.

Secure file sharing: the biggest challenge

The biggest cryptographic challenge is securing files, or more precisely the keys to an encrypted file, as they are transmitted to another person. Through the eyes of an ordinary Cryptelo user, sharing is not that interesting: a user uploads a file and adds the users to share it with, and the intended co-workers have instant access to the file. Internally, however, sharing is a complex process of transferring data and keys.

What happens inside Cryptelo when files are shared between users?
- The file is encrypted in the Cryptelo Drive web application and stored on the Cryptelo server, while the file key is saved to Cryptelo ID.
- The file key is transferred to the recipient's Cryptelo ID. If the recipient's Cryptelo ID is offline, the key is delivered when the user reconnects.
- The file is made available only to the specified recipient.
- If the recipient accepts the shared file, the encrypted file is downloaded from the Cryptelo server and the key is taken from Cryptelo ID. The file is decrypted in the recipient's web application. Only authorized recipients can download an encrypted file from the server and open it on their computer, using the key sent to their keychain.

What is visible from the outside?
- Communication with the server can be detected (a data stream).
- The type of data being sent to the server cannot be determined.
- The names of files and directories, and the directory structure, cannot be revealed.
- The parties communicating (sharing data) cannot be identified.

Cryptelo Drive users

User anonymity: No unauthorized individual can learn anything about the data's content, including who created it and with whom it has been shared. Cryptelo provides each user with their own undetectable private space which cannot be viewed by anyone else. Even the very existence of communication between specific users is concealed.

Private space: Neither the administrators nor the owners of Cryptelo have access to the encrypted data of its users. The cryptographic design takes into account that both of them could be potential attackers. They therefore cannot hand the data to anyone, nor are they responsible for its content; the architecture of the system does not allow it. If even the administrator and the owner of the system are treated as potential attackers, what chance does an attacker coming over the internet have?

Owner as initiator: The product owner is the one who activates Cryptelo Drive. Once the system is activated, new keys are generated to encrypt the drive.

User management: The owner designates the administrator (if it is someone other than themselves), who has the right to authorize users to work within Cryptelo. The administrator also handles situations where the user limit has been exceeded. New users create their accounts in Cryptelo ID on the basis of an invitation from the owner. Authorizing a new user account uses the Diffie-Hellman algorithm to verify the authenticity of the user's identity. Internal users can add external users temporarily for more efficient cooperation.

Who is Cryptelo for?
- Companies with sensitive personal data in the fields of law, finance and insurance, human resources, and health
- Firms with valuable knowledge in the fields of construction, engineering, chemistry and pharmacy, research, development, and innovation
- Government and military: state entities which require credible data protection
- Anyone who wants corporate data and communication secured at the maximum level

Contact us
CZ +420 777 002 483
iwant@cryptelo.com
Cryptelo s.r.o.
Pod Hájkem 406/1a
180 00 Praha
Czech Republic

Cryptelo, April 2015